[57] ABSTRACT

A data processor (20) which flexibly encrypts data within different address ranges includes an encryption determination circuit (50) to monitor an address conducted on an internal address bus (22) and when the address is within certain predefined ranges, perform encryption or decryption of address and/or data. For example the encryption determination circuit (50) may be used to selectively enable a data encryption-decryption circuit (60). When the data encryption-decryption circuit (60) is disabled, data conducted on an internal data bus (23) becomes "cleartext", i.e., non-encrypted. In one embodiment, the data encryption-decryption is performed in partial dependence on the address itself, and the address conducted to the external address bus is itself selectively encrypted as well.

5 Claims, 3 Drawing Sheets 



[Front-page drawing, labels only: CPU CORE 121; FLOATING-GATE NONVOLATILE MEMORY 122; POWER-UP MODE LOGIC 24 with RESET, POWER-UP CONFIGURATION and BOOTSTRAP; BYPASS 52; INTERNAL ADDRESS BUS 22 (IA0-IA7, IA8-IA15); INTERNAL DATA BUS 23; MUX 103; EXTERNAL ADDRESS BUS (A0-A7, A8-A15); reference numerals 50, 60 and 120.]



10/22/2003, EAST Version: 1.04.0000 



U.S. Patent    Apr. 6, 1999    Sheet 1 of 3    5,892,826







DATA PROCESSOR WITH FLEXIBLE DATA ENCRYPTION

FIELD OF THE INVENTION

This invention relates generally to data processors, and more particularly, to data processors which encrypt or decrypt

BACKGROUND OF THE INVENTION

Computer systems are classically defined as having three main blocks: central processing unit (CPU), memory, and input/output peripherals. Microcontrollers, which are also known as microcomputers or embedded controllers, incorporate all three of these blocks onto a single integrated circuit chip. Microcontrollers are used for a variety of control applications such as microwave ovens, television remote controllers, cellular telephones, and the like. Depending on the application, the microcontroller may either be able to have all program code on-chip, or it may have some program code on-chip and some program code off-chip. For these applications, some microcontrollers are designed to operate in an "expanded mode", in which address and data signals are present on integrated circuit pins and thus the microcontroller can access some program code off-chip.

In certain applications it is important to protect the program code from reverse engineering or "hacking". While this program code may be protected from legal copying through copyright laws, additional measures are required to prevent "hackers" from illegally copying and redistributing this code. If the program code is located in an off-chip memory, a hacker may simply pull the program memory chips out of their sockets and read out their data using separate hardware. If the program code is completely on-chip, hacking at least becomes more difficult. However well-known integrated circuit reverse engineering techniques allow the contents of this on-chip program memory to be determined relatively easily as well. Furthermore in many applications in which the software is complicated, such as cellular telephones, the code is usually too large to fit completely on-chip. Thus part of the program code must be located off-chip and the microcontroller must access it in expanded mode. In order to protect this valuable code which may be partially off-chip, certain microcontrollers have implemented address and data encryption techniques. Address encryption consists generally of scrambling the physical locations within the microcontroller's internal memory so that hackers cannot read out the code by determining the logic states of memory cells and knowing the sequence due to the physical location of the memory cells. Data encryption includes both encryption and decryption. Data is encrypted when it is passed from the internal memory to external memory, and decrypted when it is read from external memory into the CPU or internal memory. There are many well known encryption schemes which use mathematical transformations and may even use the address location of the data as part of the transformation.

With regard to program instructions and data which are stored in external memory but which are brought on-chip as the program demands, encryption is a valuable tool in making it more difficult to hack a program. The programmer knows the encryption scheme and is able to store the program in the external memory chips in encrypted form. However these microcontrollers are frequently connected to external peripherals as well. For example, the data processor might need to drive a seven-segment display or read data from a terminal. In that case, encryption presents a couple of problems. First, encryption would increase the cost of system elements if they too had to include encryption and/or decryption circuitry. Second, the microcontroller manufacturer would have to disclose the encryption techniques used on the microcontroller to the manufacturer of the peripheral, which would increase the chance that the encryption scheme will leak out. What is needed, then, is a data processor such as a microcontroller which has a more flexible encryption scheme to allow for external peripherals. The present invention provides such a data processor, whose features and advantages will be more clearly understood from the following description taken in conjunction with the accompanying drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

FIGS. 1-1 and 1-2 collectively illustrate in partial block diagram and partial logic diagram form a data processor according to the present invention.

FIG. 2 illustrates in partial block diagram and partial logic diagram form a data processor according to another embodiment of the present invention.

DETAILED DESCRIPTION OF A PREFERRED EMBODIMENT

According to the present invention, a user may flexibly encrypt data and scramble addresses for accesses of a microcontroller in an expanded mode by defining portions of the address space which are to be encrypted/decrypted. The determination is made by an encryption determination circuit which is responsive to a portion of the address to cause a data encryption-decryption circuit, or alternatively an address encryption circuit, to be selectively bypassed. The encryption determination circuit is responsive to an address on the address bus, and preferably a certain number of most significant address bits, to make this determination. This partitioning of the address space allows certain input/output peripherals or memory devices to be accessed with "cleartext", i.e. non-encrypted data, while allowing other portions, such as a program stored in an external memory, to remain encrypted.

This invention is understood with reference to FIGS. 1-1 and 1-2, which collectively form FIG. 1 and illustrate in partial block diagram and partial logic diagram form a data processor 20 according to the present invention. Data processor 20 includes generally a central processing unit (CPU) core 21, an internal address bus 22, an internal data bus 23, a power-up mode logic circuit 24, an encryption determination circuit 50, a data encryption-decryption circuit 60, and an address encryption circuit 100.

CPU core 21 is a central processing unit having an 8-bit address path and a 16-bit data path and is capable of processing instructions and accessing data through the address and data paths which are respectively coupled to internal address bus 22 and internal data bus 23. While the present invention is not limited to any particular type of CPU, data bus size, or address bus size, CPU core 21 is preferably an MC68HC11 microcontroller available from Motorola, Inc., or a comparable microcontroller. Thus, other features conventionally associated with microcontrollers in general and the MC68HC11 microcontroller in particular such as on-chip memory and peripherals are omitted from the FIG. 1 for ease of illustration. Note that if data processor includes special "glue logic" circuitry for generating chip select signals, this logic is preferably placed after address scrambling.
Power-up mode logic circuit 24 has a control input for receiving a signal labelled "RESET", an input for receiving "POWER-UP CONFIGURATION BITS", and an output for providing a signal labelled "BOOTSTRAP". Power-up mode logic circuit 24 allows data processor 20 to enter certain modes after signal RESET is activated. In the case of the MC68HC11F1 microcontroller available from Motorola, Inc., these modes include single-chip mode, expanded non-multiplexed mode, special bootstrap mode, and special test mode. Thus, power-up mode logic circuit 24 activates signal BOOTSTRAP when the POWER-UP CONFIGURATION BITS select the special bootstrap mode. In the bootstrap mode, a resident program allows an external program to be loaded through a serial port into the internal RAM.

Encryption determination circuit 50 has an input terminal for receiving the eight most significant bits of the internal address, labelled "IA8-IA15", a control input terminal for receiving signal BOOTSTRAP, and an output terminal for providing a signal labelled "BYPASS". Encryption determination circuit 50 may be implemented with conventional combinational logic circuitry, but may also be implemented as shown in FIG. 1 with a read-only memory (ROM) 51. ROM 51 has address input terminals for receiving signals IA8-IA15, and a single output terminal. ROM 51 is a 256-by-1 ROM which responds to different combinations of the address to provide the single bit output signal indicative of whether the address encryption and data encryption/decryption is to be performed. In order to allow for cleartext to be conducted during certain operating modes, encryption determination circuit 50 also includes an AND gate 52. AND gate 52 has a first input terminal connected to the output terminal of ROM 51, a second input terminal for receiving signal BOOTSTRAP, and an output terminal for providing signal BYPASS. Thus, address encryption and data encryption/decryption may be selectively bypassed either in certain startup modes or in certain ranges of the address. Note that it is generally preferable for instructions stored off-chip to be encrypted to prevent easy disassembly. Thus, instruction code will generally not be cleartext. Note also that ROM 51 may alternatively be random access memory (RAM) or random logic. However, it may also be desirable to further protect data processor 20 from reverse engineering by preventing a "hacker" from determining which sections of memory are encrypted and which sections are in cleartext. In order to achieve this objective ROM 51 may be replaced by nonvolatile memory based on floating-gate technology. Examples of such nonvolatile memory include erasable programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), block erasable or "FLASH" EEPROM, and nonvolatile RAM (NVRAM). Using floating-gate transistors, the state of the memory cell is determined by the charge on the floating gate. This charge is usually formed by applying a voltage which exceeds the normal power supply voltage for a certain length of time, typically on the order of a few milliseconds. After the floating-gate transistors are programmed, the logic state cannot be determined easily by optical inspection. This floating gate memory will preferably be implemented using the same array and high-voltage programming circuitry used for other nonvolatile memory within the integrated circuit. A portion of a data processor 120 having such a memory is shown in FIG. 2. Elements in common with data processor 20 of FIG. 1 are given the same reference numbers. Data processor 120 includes a CPU core 121 with a floating-gate nonvolatile memory 122, a portion of which determines the encryption for off-chip addresses and is thereby coupled to the first input terminal of AND gate 52. The remainder of data processor 120 not shown in FIG. 2 may be implemented by the circuit shown in FIG. 1-2. If even further protection is desired, however, the nonvolatile memory may be one-time programmable (OTP) to prevent experimental determination of the encryption patterns.

Data encryption-decryption circuit 60 includes two ROMs 61 and 62 and logic circuits 70 and 80. ROM 61 is a 256-by-8 ROM having an address input connected to internal address bus 22 for receiving address bits IA8-IA15, and an eight-bit data output. Likewise ROM 62 is also a 256-by-8 ROM having an address input connected to internal address bus 22 for receiving the lower portion of the address, namely address bits labelled "IA0-IA7", and an eight-bit data output.

Logic circuit 70 includes logic circuitry which implements the data encryption-decryption based on the address at which the data is located. Logic circuit 70 includes eight exclusive-OR gates and eight AND gates which are connected in a similar configuration. This configuration will be described with respect to the encryption-decryption of an internal data signal labelled "ID7" and a corresponding data signal conducted to an external data bus labelled "D7". A first exclusive-OR gate 71 has a first terminal connected to the most-significant output terminal of ROM 61, a second input terminal connected to the most-significant output terminal of ROM 62, and an output terminal. A first AND gate 72 has a first input terminal connected to the output terminal of exclusive-OR gate 71, a second input terminal for receiving signal BYPASS, and an output terminal connected to logic circuit 80.

Logic circuit 80 includes buffers 81 and 82, exclusive-OR gates 83 and 84, and buffers 85 and 86. Buffer 81 has an input terminal for receiving signal D7, a control input terminal (not shown) for receiving a read/write signal, and an output terminal. Buffer 82 has an input terminal, a control input terminal (not shown) for receiving a complement of the read/write signal, and an output terminal connected to the signal line of the external data bus conducting signal D7. Exclusive-OR gate 83 has a first input terminal connected to the output terminal of AND gate 72, a second input terminal, and an output terminal connected to the input terminal of buffer 82. Exclusive-OR gate 84 has a first input terminal connected to the output terminal of buffer 81, a second input terminal connected to the output terminal of AND gate 72, and an output terminal. Buffer 85 has an input terminal connected to the output terminal of exclusive-OR gate 84, a control input terminal (not shown) for receiving the complement of the read/write signal, and an output terminal connected to the signal line of internal data bus 23 conducting signal ID7. Buffer 82 has an input terminal connected to the signal line of internal data bus 23 conducting signal, a control input terminal (not shown) for receiving the read/write signal, and an output terminal connected to the second input terminal of exclusive-OR gate 83.

When signal BYPASS is active, data encryption-decryption circuit 60 does not perform encryption or decryption of data, i.e., transmits or receives data as "cleartext". The logic low of signal BYPASS causes AND gate 72 to provide a logic low. The logic low on the output terminal of AND gate 72 causes exclusive-OR gates 83 and 84 to function as noninverting buffers, i.e., the logic levels on their other input terminals are reflected on their output terminals. During a read cycle, the read/write signal is in a logic state to make buffers 81 and 85 conductive and buffers 82 and 86 nonconductive and thus signal ID7 is provided from signal D7 unaltered. During a write cycle, the read/write signal is in a logic state to make buffers 81 and 85 nonconductive and buffers 82 and 86 conductive and thus signal D7 is provided from signal ID7 unaltered.

When signal BYPASS is inactive, data encryption-decryption circuit 60 performs encryption or decryption of data depending on whether the cycle is a write cycle or a read cycle, respectively. The logic high of signal BYPASS causes AND gate 72 to provide its output at a logic state determined by the output of exclusive-OR gate 71, i.e., in dependence on the exclusive-OR of two ROM outputs. This logic state will then cause exclusive-OR gates 83 and 84 to alternatively function as noninverting or inverting buffers, and the logic states provided from the external data bus to internal data bus 23 during a read cycle, or from internal data bus 23 to the external data bus, will depend thereon.

Address encryption or scrambling is performed by address encryption circuit 100 which includes two ROMs 101 and 102, a multiplexer (MUX) 103, and a set of buffers 110. ROMs 101 and 102 have address input terminals connected to a respective half of internal address bus 22, and output terminals connected to a first input terminal of MUX 103. ROMs 101 and 102 are each 256-by-8 ROMs. MUX 103 has a first 16-bit input terminal connected to the data output terminals of ROMs 101 and 102, a second 16-bit input terminal connected to internal address bus 22, a control input terminal for receiving signal BYPASS, and a 16-bit output terminal. Connected to the output terminal is a corresponding set of 16 buffers, including a representative buffer 115. Buffer 115 has an input terminal connected to a corresponding signal of the output terminal of MUX 103, in this case the one corresponding to external address signal A7, and an output terminal connected to the signal line of the external address bus conducting signal A7.
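The BYPASS decision, data masking and address multiplexing described above, modelled in C as an added example (not code from the patent). The ROM contents, the sample addresses, the cleartext window at 0x4000-0x4FFF, the assignment of ROM 101 to the upper address byte, and BOOTSTRAP sitting at logic low in bootstrap mode are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-ins for the ROM contents, which the patent does not list. */
static int     rom51(uint8_t hi)  { return !(hi >= 0x40 && hi <= 0x4F); } /* 0 = cleartext window */
static uint8_t rom61(uint8_t hi)  { return (uint8_t)(hi * 73u + 0x5Au); }
static uint8_t rom62(uint8_t lo)  { return (uint8_t)((lo * 29u) ^ 0xC3u); }
static uint8_t rom101(uint8_t hi) { return (uint8_t)(hi * 167u + 13u); }  /* odd multiplier: one-to-one */
static uint8_t rom102(uint8_t lo) { return (uint8_t)(lo * 91u + 200u); }  /* odd multiplier: one-to-one */

/* Encryption determination circuit 50: ROM 51 output ANDed with BOOTSTRAP (gate 52).
 * The text describes BYPASS as active at logic low, so 0 here means "pass cleartext".
 * Assumption: BOOTSTRAP is at logic low while bootstrap mode is selected. */
static int bypass_level(uint16_t ia, int bootstrap_level)
{
    return rom51((uint8_t)(ia >> 8)) & (bootstrap_level & 1);
}

/* Logic circuit 70: XOR of the ROM 61 and ROM 62 outputs, each bit gated by BYPASS. */
static uint8_t data_mask(uint16_t ia, int bypass)
{
    uint8_t x = (uint8_t)(rom61((uint8_t)(ia >> 8)) ^ rom62((uint8_t)ia));
    return bypass ? x : 0;
}

/* Logic circuit 80: the same XOR serves write cycles (encrypt) and read cycles (decrypt). */
static uint8_t data_xfer(uint16_t ia, uint8_t d, int bootstrap_level)
{
    return (uint8_t)(d ^ data_mask(ia, bypass_level(ia, bootstrap_level)));
}

/* Address encryption circuit 100: MUX 103 selects the ROM outputs or the raw address. */
static uint16_t ext_address(uint16_t ia, int bootstrap_level)
{
    if (!bypass_level(ia, bootstrap_level))
        return ia;                                   /* cleartext range or bootstrap mode */
    return (uint16_t)((rom101((uint8_t)(ia >> 8)) << 8) | rom102((uint8_t)ia));
}

int main(void)
{
    const uint16_t addrs[] = { 0x8000, 0x8001, 0x4005 };  /* constructed sample addresses */
    for (unsigned i = 0; i < 3; i++) {
        uint16_t ia = addrs[i];
        uint8_t out = data_xfer(ia, 0xA5, 1);        /* write cycle, normal mode */
        uint8_t in  = data_xfer(ia, out, 1);         /* read cycle restores the data */
        printf("IA=%04X A=%04X ID=A5 D=%02X readback=%02X bootstrap D=%02X\n",
               (unsigned)ia, (unsigned)ext_address(ia, 1), (unsigned)out,
               (unsigned)in, (unsigned)data_xfer(ia, 0xA5, 0));
    }
    return 0;
}
```

The same internal byte produces different external bytes at adjacent encrypted addresses, while accesses inside the cleartext window or in bootstrap mode leave both the data and the address unchanged.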

While the invention has been described in the context of a preferred embodiment, it will be apparent to those skilled in the art that the present invention may be modified in numerous ways and may assume many embodiments other than that specifically set out and described above. For example while the present invention was illustrated in the context of a microcontroller, it should be apparent that the disclosed flexible encryption technique is applicable to a data processor which cannot be classified as a microcontroller. Furthermore other encryption techniques may be used as well. Accordingly, it is intended by the appended claims to cover all modifications of the invention which fall within the true spirit and scope of the invention.
We claim:

1. In a data processing system having an external memory for storing a first plurality of instructions, an integrated circuit data processor with flexible data encryption comprising:

a central processing unit core having an address output coupled to an internal address bus, and a bidirectional data terminal coupled to an internal data bus;

a floating-gate nonvolatile memory coupled to said internal address bus and to said internal data bus; and

a data encryption-decryption circuit having a first terminal coupled to said internal data bus, a second terminal coupled to an external data bus, and a control input terminal for receiving a bypass signal, wherein said data encryption-decryption circuit performs encryption when data is provided from said internal data bus to said external data bus and decryption when data is provided from said external data bus to said internal data bus, selectively in response to said bypass signal,

said floating-gate nonvolatile memory having a first portion which provides said bypass signal at a logic state corresponding to a data bit selected by an address conducted on said internal address bus, and a second portion which stores a second plurality of instructions,

said central processing unit core executing a program comprising said first and second pluralities of instructions.

2. The data processor of claim 1 wherein said floating-gate nonvolatile memory comprises erasable programmable read only memory (EPROM).

3. The data processor of claim 2 wherein said floating-gate nonvolatile memory further comprises electrically erasable programmable read only memory (EEPROM).

4. The data processor of claim 3 wherein said floating-gate nonvolatile memory further comprises block erasable EEPROM.

5. The data processor of claim 1 wherein said floating-gate nonvolatile memory is characterized as being one-time programmable.